#!/bin/bash



groupadd sugroup

cp -av /etc/pam.d/su "/etc/pam.d/su.$(date +%F_%s)" &&
sed -i -r '/auth.*required.*pam_wheel/Ic\
auth            required        pam_wheel.so use_uid group=sugroup' /etc/pam.d/su

cp -av /etc/sudoers "/etc/sudoers.$(date +%F_%s)" &&
sed -i -r '/^ *user_00/d;/^ *user_sre/d' /etc/sudoers &&
sed -i -r '$auser_00 ALL=(ALL) NOPASSWD: ALL' /etc/sudoers &&
sed -i -r '$auser_sre ALL=(ALL) NOPASSWD: ALL' /etc/sudoers &&
sed -i -r '1{/auth[ \t]*required[ \t]*pam_wheel/d}' /etc/pam.d/su

cp -av /etc/audit/auditd.conf "/etc/audit/auditd.conf.$(date +%F_%s)" &&
sed -i -r '/max_log_file *=/Ic\
max_log_file = 999999' /etc/audit/auditd.conf &&
sed -i -r '/max_log_file_action *=/Ic\max_log_file_action = keep_logs' /etc/audit/auditd.conf

cp -av /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +%F_%s)" &&
sed -i -r '/ClientAlive/Id' /etc/ssh/sshd_config &&
sed -i -r '$aClientAliveInterval 300' /etc/ssh/sshd_config &&
sed -i -r '$aClientAliveCountMax 3' /etc/ssh/sshd_config
sshd -t &&
systemctl restart sshd
